Re: [fw-wiz] Benefit of firewall over NAT-only 'protected' network
ark_at_eltex.net
Date: 05/28/03
- Previous message: Reckhard, Tobias: "RE: [fw-wiz] PIX, DNS fixups and Zone Transfers"
- In reply to: Paul Robertson: "Re: [fw-wiz] Benefit of firewall over NAT-only 'protected' network"
- Next in thread: Paul Robertson: "Re: [fw-wiz] Benefit of firewall over NAT-only 'protected' network"
- Reply: Paul Robertson: "Re: [fw-wiz] Benefit of firewall over NAT-only 'protected' network"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Paul Robertson <proberts@patriot.net>
Date: Wed, 28 May 2003 13:28:14 +0400
nuqneH,
What's wrong with IRC? It is a good communication tool.
It is reasonable to deny DCC file transfers, though, and there should
be no non-approved clients because of security bugs. Select one or two
clients per platform to be allowed in your office, deny DCC
send/receive, inform users about the dangers of installing custom scripts,
maintain a list of allowed servers/networks, and keep an
eye on the vulnerability database. I am pretty sure the risk from using
Outlook or IE is more important in this situation.
Even "out of the box" IRC is not more insecure than the widely used ICQ.
I even encourage users to use a corporate IRC server as a generic
messaging tool. It is far better than using ICQ (with Mirabilis servers
usually!), as _really many_ companies that have no IM system of their own do.
On Tue, May 27, 2003 at 10:50:28PM -0400, Paul Robertson wrote:
> That's a silly and mostly specious pre-requisite. For instance, most
> small office users have *no* need for IRC, and given that IRC is *the*
> major control vector for trojaned machines, why the heck would you allow it
> outbound from a small office? Nuke 6667/tcp outbound and you decrease the
> chance of being owned rather significantly, and you break less than 1/2 of
> 1% of SOHO users.
>
_ _ _ _ _ _ _
{::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_
(##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_|
[||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
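
Added example (not part of the original message or the list archive): a small Python check that an IRC-aware proxy or log reviewer could apply for two of the controls named in the message above, denying DCC offers and keeping a list of allowed servers. The server names, sample lines and the check_line function are constructed assumptions.

```python
import ipaddress
import re

# Assumption: constructed allowlist standing in for the office's approved servers.
ALLOWED_SERVERS = {"irc.corp.example"}
BLOCKED_DCC = {"SEND", "CHAT"}  # offers that open a direct client-to-client socket

# CTCP requests are framed by \x01. A DCC offer is:
#   DCC <type> <argument> <IPv4 as decimal integer> <port> [<size>]
DCC_RE = re.compile(
    r'\x01DCC\s+(?P<kind>\w+)\s+(?P<arg>"[^"]*"|\S+)\s+'
    r'(?P<ip>\d+)\s+(?P<port>\d+)(?:\s+\d+)?\s*\x01', re.IGNORECASE)


def check_line(server, line):
    """Return policy findings for one raw IRC line exchanged with `server`."""
    findings = []
    if server.lower() not in ALLOWED_SERVERS:
        findings.append(f"server not allowed: {server}")
    m = DCC_RE.search(line)
    if m and m["kind"].upper() in BLOCKED_DCC:
        try:
            peer = str(ipaddress.IPv4Address(int(m["ip"])))
        except ipaddress.AddressValueError:
            peer = "invalid-address"  # value does not fit in 32 bits
        findings.append(
            f"DCC {m['kind'].upper()} {m['arg']} -> {peer}:{m['port']}")
    return findings


# Constructed sample traffic: (server, raw line).
SAMPLES = [
    ("irc.corp.example", ":alice!a@ws1 PRIVMSG #ops :lunch?"),
    ("irc.corp.example", ":bob!b@ws2 PRIVMSG alice :\x01ACTION waves\x01"),
    ("irc.corp.example",
     ":carol!c@ws3 PRIVMSG alice :\x01DCC SEND notes.zip 3221225994 5000 1024\x01"),
    ("irc.other.example", ":dave!d@ws4 PRIVMSG alice :hi"),
]

if __name__ == "__main__":
    for server, line in SAMPLES:
        print(check_line(server, line) or "ok")
```

Ordinary messages and non-DCC CTCP (such as ACTION) pass; the DCC offer is reported with the peer address decoded from its integer form, which is the endpoint a firewall rule or alert would key on.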